Security Overview

HunchBuzz is a New Zealand company that provides cloud-based idea and Innovation Management Software (IMS) globally. Our company is an approved supplier to the UK Government via the G-Cloud digital marketplace, and our services are hosted in Amazon Web Services (AWS) datacenters.

Secure Communication

All connections to HunchBuzz are secured via SSL/TLS. Any attempt to connect over HTTP is redirected to HTTPS.

API and DMZ

HunchBuzz has a secure API framework within a Demilitarized Zone (DMZ). Front-end code is separated from the core API, providing a robust security layer, and access to the API is strictly limited.

Securely hosted in the Cloud

HunchBuzz utilises secure development best practices that integrate security reviews throughout design, prototyping, and deployment. Hosted within a secured public cloud, the HunchBuzz platform is self-contained and cannot detect, interfere with or view any other platform within the hosting environment. This policy is managed at a layer not accessible to other platforms within the environment. More detail:

The platform is separated from all other systems within the cloud environment.

The platform has its own custom binary and source code. The executable code can only be triggered via web requests.

The environment allows nothing to be executed within it, or to be written to its file system. These strict measures help eliminate the possibility of malicious code being written to or executed within the hosting environment.

All customer and user data is stored in the AWS S3 storage service, which provides special security policies above PCI (bank) standards.

Services use a dynamic firewall and forwarder to connect to the database and memcache. These are network-layer redirects routed directly to the services.

It is not possible for any other app within our hosting provider's environment to connect to our services, even if it were using hijacked credentials. Requests to our services are only permitted if they come from the HunchBuzz app; otherwise they are rejected.

A malicious instance within our hosting provider's environment has no access to the layer where the redirect was created.

Finally, a firewall and intrusion detection layer inspects and validates each request. This firewall is updated nightly to include the latest intrusion detection rules.

Limited Staff Access

HunchBuzz has strict rules and checks around who has access to the back-end database and services. Only specific staff have access to make changes and modifications, and all access to the back-end systems is logged.

Content Verification

Post content verification is achieved through a web application firewall. Post-like events such as spam, login credential attacks, hacking, XSS and SQL injection are stopped in real time.

Browser Integrity Check

Our network scans for HTTP headers abused by spammers and denies access. These checks also challenge visitors that do not have a standard web browser or user agent.

Application Firewall

We use an industry-standard Web Application Firewall (WAF) which detects and blocks common keywords used in comment spam, as well as attack signatures used in cross-site scripting attacks and SQL injections.